JBoss EAP 6 CLI – Ninja

Management

Brian Stansberry Principal Software Engineer, Red Hat06.13.13

Agenda

● Demo, demo, demo!● EAP 6 management basics● Using the CLI with a single Standalone Server● CLI security● Using the CLI with a multi-server Managed Domain● Interactive and non-interactive operation

EAP 6 Management Interfaces

Tools● CLI● Web Console

Management Protocols ● Native (Java)● HTTP/REST● JMX

New in EAP 6 -- Multi-Server Management

● Multi-server management is a core part of JBoss EAP 6 itself

● Manage multiple servers from a single control point● Start/stop servers● Rolling deployment to a set of servers● Roll a config change out to a set of servers● Roll back changes

Choices for How to Manage EAP 6 Instances

● Do you want to take advantage of our multi-server management features?

● Yes: run a Managed Domain● [bin]$ ./domain.sh

● No: run a Standalone Server● [bin]$ ./standalone.sh

Core concepts: Subsystems & Profiles

● Subsystem: a particular set of capabilities that extend the application server core

● Webserver, Transaction Manager, EJB3, CDI, HornetQ, OSGi, JCA, JGroups, Infinispan, etc, are all subsystems

● Profile: a named set of subsystem configurations● A standalone server runs a single profile● A managed domain can have many profiles available,

with different servers running different profiles

Core concept: Management Resources

● Everything manageable is exposed via a tree of addressable resources

● Address is an ordered list of key/value pairs● /profile=default/subsystem=web/connector=http

● Resources expose attributes & operations

● Quite similar to JMX Open MBeans● But, resources are organized in a tree● Atomic multi-step operations supported● Operations across servers supported

CLI – Two Types of Commands

● Low-level: ● provide resource address, operation name & params & you

can invoke any operation on any resource[standalone@localhost:9999 /] /subsystem=web/connector=http:read-attribute(name=request-count)

● High-level: convenience commands for common tasks[standalone@localhost:9999 /] deploy /home/admin/wars/helloworld.war

Demo – CLI Basics with a Standalone Server

● Navigation: ls, cd, pwd

● Convenience: tab completion, history

● Commands:● Low-level: provide resource address, operation name &

params & you can invoke any operation on any resource[standalone@localhost:9999 /] /subsystem=web/connector=http:read-attribute(name=request-count)

● High-level: convenience commands for common tasks[standalone@localhost:9999 /] deploy /home/admin/wars/helloworld.war

● Batch operations: batch, run-batch

● reload, shutdown operations

CLI Security

● Native management interface integrates with an EAP security-realm

<management> <security-realms> <security-realm name="ManagementRealm"> .... <management-interfaces> <native-interface security-realm=”ManagementRealm”>

● Realms support different authentication stores● truststore, properties file, LDAP, JAAS, custom● properties file is the default

● Manipulate via bin/add-user.sh (.bat) helper tool

“Local” Authentication

● Automated challenge-response, transparent to end user

● EAP provides location of a file writable by EAP process● Client proves it can write to that file

● Based on filesystem permissions● Assumption is if client process can write to files owned

by EAP process' account, the client account is valid

● Supported by default, but can be disabled

Demo – CLI Security

● whoami operation

● Disable local authentication, require login

Host 1

Managed Domain Topology

Domain Controller(master Host Controller)

Domain Controller(master Host Controller)

HostController

HostController

HostController

HostController

Server 3Server 3

Host 2Server 1Server 1

Server 2Server 2

Host 3

HostController

HostController

Host 4Server 5Server 5

Server 4Server 4

Server Group A

Server Group B

Demo – Administer a Managed Domain

● Administer a 3 “host”, 2 server domain

● Navigate the domain

● Add a server group

● Add 2 new servers

Rollout Plans

● Control how changes get applied to multiple servers in your domain

● Concurrency● Apply to all server groups concurrently or in series● Apply to all servers in a group concurrently or in series

● Failure tolerance● Failure on > x servers or > y% of servers in a group

triggers rollback (in that group or in all groups)

Demo – Rolling Changes Out to a Domain

● Roll a deployment out to the domain

● Save a rollout plan for re-use

● Use the saved rollout plan with an undeploy operation

Demo – Running the CLI from a Script

● Run a script that shuts down a given list of hosts

Q&A